The secure-setup utility

NOTE
Secure-setup works for units within a single stack. It does not work across stacks.
NOTE
Long distance stacking ports are not default stacking ports. If you are using only long distance stacking ports, you cannot use the stack secure-setup utility to configure your stack because the secure-setup utility probes for other potential stack members only on default stacking ports.

Secure-setup lets you easily configure your entire stack through the active controller, which propagates the configuration to all stack members. Secure-setup is the most secure way to build a traditional stack. It gives you the most control over how your stack is built. For example, secure-setup offers three security features that prevent unauthorized devices from accessing or joining a traditional stack:

  • Authentication of secure-setup packets provides verification that these packets are from a genuine Ruckus stack unit. MD5-based port verification confirms stacking ports.
  • A superuser password is required to allow password-protected devices to become members of a traditional stack.
  • The stack disable command prevents a unit from listening for or sending stacking packets. When a unit is stack-disabled, no other device in the network can force the unit to join a traditional stack.

Secure-setup can also be used to add units to an existing traditional stack and to change the stack IDs of stack members.

Secure-setup and the active controller

When secure-setup is issued on a unit that is not already the active controller, the unit becomes the active controller. If this unit does not already have an assigned priority and if no other unit in the stack has a priority higher than 128, secure-setup assigns the unit a priority of 128 by default. However, if another unit in the stack has a priority of 128 or higher, secure-setup gives the active controller a priority equal to the highest priority unit in the stack (which is by default the standby controller). When the active controller and the standby controller have identical priorities, during a reset, the old active controller cannot reassume its role from the standby controller (which became the active controller at the reset).

If the previous active controller again becomes active and you want it to resume the role of active controller, you should set the priority for the standby controller to a priority lower than 128. If you do not want the previous active controller to remain the active controller, you can set the same priority for both active and standby controllers (equal to or higher than128).

Parent topic: Traditional stack construction methods